remove redirect from activate-account to login if password is not conform

certat / do-portal

This project is in maintenance mode and will only receive bug fixes, but no new features. A new version of this software is being developed.

5 stars 5 forks source link

remove redirect from activate-account to login if password is not conform #89

Closed ghost closed 4 years ago

ghost commented 5 years ago

The activate-account redirects to the login if the entered password is not conform with the password policy. Please remove this redirect so the users stays on the password reset page.

davewood commented 4 years ago

https://github.com/certat/do-portal/blob/master/frontend/app/scripts/services/auth.js#L52

do you want the redirect removed entirely?

certrik commented 4 years ago

I think @wagner-certat meant to not redirect users which entered a password which doesn't comply with the password rules. If the password complies with the rule the user should be redirected.

davewood commented 4 years ago

this is the cause of the redirect. https://github.com/certat/do-portal/blob/devel/frontend/app/scripts/services/authinterceptor.js#L39

if the backend doesnt respond with HTTP 401 in case of password policy errors everything should be fine.

davewood commented 4 years ago

fixed:

f68b60e - (HEAD -> devel, origin/devel) send HTTP 400 if password violates policy (14 seconds ago)